System: Trust: Certificates - work in progress for https://github.com/opnsense/core/issues/7248

* handle externally managed certificates (manual action)

src/opnsense/mvc/app/controllers/OPNsense/Trust/Api/CertController.php

@@ -135,6 +135,11 @@ class CertController extends ApiMutableModelControllerBase
                     $error = $data['error'] ?? '';
                 }
                 break;
+            case 'manual':
+                if (!empty((string)$node->crt_payload)) {
+                    $node->crt = base64_encode((string)$node->crt_payload);
+                }
+                break;
         }
         if ($error !== false) {
             throw new UserException($error, "Certificate error");

src/opnsense/mvc/app/models/OPNsense/Trust/Cert.xml

@@ -22,6 +22,7 @@
                     <import>Import an existing Certificate</import>
                     <import_csr>Import certificate (signed by CA)</import_csr>
                     <reissue>Reissue and replace certificate (does not restart services)</reissue>
+                    <manual>Manual</manual>
                 </OptionValues>
             </action>
             <key_type type="OptionField" volatile="true">

src/opnsense/mvc/app/models/OPNsense/Trust/FieldTypes/CertificatesField.php

@@ -126,8 +126,10 @@ class CertificatesField extends ArrayField
             $node->prv_payload = !empty((string)$node->prv) ? (string)base64_decode($node->prv) : '';
             if (!empty((string)$node->csr_payload)) {
                 $node->action = 'import_csr';
-            } elseif (!empty((string)$node->crt_payload)) {
+            } elseif (!empty((string)$node->crt_payload) && !empty((string)$node->prv_payload)) {
                 $node->action = 'reissue';
+            } elseif (!empty((string)$node->crt_payload)) {
+                $node->action = 'manual';
             }
         }
         return parent::actionPostLoadingEvent();